Reputation: 961
Powershell Regex Log entry as string
I am trying to get information from this line of text:
C:\Tmp\TmsNcc-200602_000002_Log_cab.txt:3052:00:19:33.754 ( 5200: 9244) G-MST: 2000007C " guid=00030001-69f7-5c7f-227e-00104941c969" ("10.12.12.102","10.12.12.115"),(0, 0),2(ULaw),rsn:1,04:19:28.505 (UTC),pl:20,(s:257,
r:263, l:0),(j:0,u:0,o:0) flgs:0x00000000 "sip:[email protected]:5661",vpn:0
I am trying to get the GUID, J:#, U:#, o:#, and the two IP addresses, and finally the sip information at the end.
Working on it This is what I have so far:
$Test = $UnderRun.tostring()
$Tmp = (($Test -replace "^['guid'\= ]","").Split('"'))
$GUID = (($Test -replace "^['guid'\= ]","").Split('"'))[1] -replace ' guid=',''
$Stats = (($Test.Split('(,)')[22]).split(',')) -replace ".:",""
$Sip = $Test.Split("""")[7]
$VPN = if ($Test.Split("""")[8] -replace ',vpn:','' -eq '0') {$false} else {$true}
$Year = "20$(($Test.Split('-_')[1]).substring(0,2))"
$Month = ($Test.Split('-_')[1]).substring(2,2)
$Day = ($Test.Split('-_')[1]).substring(4,2)
$Date = "$Day/$Month/$year"
$Time = "$($Test.Split('-_')[4].split(":")[3]):$($Test.Split('-_')[4].split(":")[4] -replace "4 .*",'')"
$FromIP = $Tmp[3]
$ToIP = $Tmp[5]
$Jitter = $Stats[0]
$Unders = $Stats[1]
$Overs = $Stats[2]
$Return += [pscustomobject][ordered]@{
Date = $Date
Time = $Time
Guid = $GUID
Sip = $Sip
VPN = $VPN
From = $FromIP
To = $ToIP
Jitter = $Jitter
UnderRuns = $UnderRuns
OverRuns = $Overs
}
Upvotes: 0
Views: 39
Answers (1)
Reputation: 25031
If the data format is predictable and always in the order as shown above, you can use the -match operator against single strings. Then return matched values from the $matches automatic variable:
$string = 'C:\Tmp\TmsNcc-200602_000002_Log_cab.txt:3052:00:19:33.754 ( 5200: 9244) G-MST: 2000007C " guid=00030001-69f7-5c7f-227e-00104941c969" ("10.12.12.102","10.12.12.115"),(0, 0),2(ULaw),rsn:1,04:19:28.505 (UTC),pl:20,(s:257, r:263, l:0),(j:0,u:0,o:0) flgs:0x00000000 "sip:[email protected]:5661",vpn:0'
$regex = 'guid=(?<guid>[-a-f\d]+).*?\("(?<IP1>(?:\d{1,3}\.){3}\d{1,3})","(?<IP2>(?:\d{1,3}\.){3}\d{1,3})"\).*?\br:(?<r>\d+).*?\bj:(?<j>\d+).*?\bu:(?<u>\d+).*?\bsip:(?<sip>[^"]+)'
$null = $string -match $regex
[pscustomobject]@{
Guid = $matches.guid
Jitter = $matches.j
IP1 = $matches.IP1
IP2 = $matches.IP2
Underruns = $matches.u
SIP = $matches.sip
R = $matches.r
}
Explanation:
The -match operator uses regex to perform string matching. When the left-hand side (LHS) of -match is a single string, the operator will return True if the match is successful and False otherwise. If the return is True, $matches then contains the matched strings.
Using the syntax () or (?<name>), capture groups are created. name is the capture group name when that syntax ((?<name>)) is used. Then $matches.name can be used to retrieve the matched string.
The RHS of -match is regex syntax. I've created an online regex that details how the regex mechanisms work.
Upvotes: 1
Related Questions
- Regex multiline log
- Parsing A Log Item Into Custom Object
- Parse data from log file using Regex patterns
- Extract data from .log file with Regex
- Read Log File for Monitoring using regex
- Extract a value from log files
- Powershell regex to extract data from log file
- PowerShell regular expression on logfile is capturing too much
- Powershell log tailer issues
- Powershell regex